Thursday, March 13, 2014

Key Features of U.S. approach to Cyber Security

Cyber Security has become a focal point of national economic and security concern. On February 12th, 2013 President Obama signed Executive Order (EO) 13636: Improving Critical Infrastructure Cybersecurity. The EO sets the foundation for developing a framework in which private sector companies of critical infrastructures and the government share information and work together to prevent cyber attacks (White House, 2013). Even before this executive order there has been work done by various national agencies to help define and strengthen the nation’s cyber security, a few of which are discussed in this paper.

The White House developed The Comprehensive National Cybersecurity Initiative (CNCI) which addresses three main strategies for cyber security of the United States: The development of a front line of defense to mitigate vulnerabilities and intrusions; To have a defense against the entire range of cyber threats through counterintelligence and protection of the supply chain; To strengthen the future cybersecurity space with training/awareness, R&D, and new strategies to mitigate malicious attacks (White House, n.d.). The threats come in many forms and there is still a lot of work to do to increase cyber security as shown by Edward Snowden’s insider attack at the NSA where he used low-tech web crawler tools to gather and then exfiltrate classified information (Sanger and Schmitt, 2014).

The United States Computer Emergency Readiness Team developed The National Strategy to Secure Cyberspace (NSSC) that has three main strategic objectives, which are: Prevent attacks against the nation's critical infrastructures; to mitigate the nation's vulnerability to cyber attacks; To decrease the mean time to recovery (MTTR) and mitigate damage when attacks do occur. The NSSC has identified five National Cyberspace Security Priorities to achieve these objectives:

A cyberspace security response system.

A cyberspace security threat and vulnerability reduction program.

A security awareness and training program.

The securing of the governments cyberspace.

Developing national and international cyber security cooperation (US-CERT, 2003).

The U.S. Department of Defense has implemented five pillars to their Strategy in Cybersecurity: The first pillar is to identify Cyberspace as a warfare arena to defend and operate freely in; The second pillar is the use of active defenses, with seek and destroy capabilities, as passive defenses only catch 70-80% of the attacks; The third pillar is protecting the critical infrastructures; The fourth pillar is the collective defense with information sharing; The fifth pillar is to keep a technological superiority (Garamone, 2010).

In the economic arena, Melissa E. Hathaway discussed that the growth of a nation’s gross domestic product (GDP) is heavily dependent on information communication technology (ICT). She created the Cyber Readiness Index (CRI) which measures the economic erosion caused by cyber insecurity to ICT. The CRI shows that the U.S.A. is one of the leading countries in active cyber readiness yet still are experiencing GDP losses due to insecurities in cyber (Hathaway, 2013).

References

Garamone, Jim (2010, September 15). Lynn Explains U.S. Cybersecurity Strategy. US Department of Defense. Retrieved February 9, 2014, from http://www.defense.gov/News/NewsArticle.aspx?ID=60869

Sanger, David; Schmitt, Eric (2014, February 8). Snowden Used Low-Cost Tool to Best NSA. New York Times. Retrieved February 9, 2014, from http://www.nytimes.com/2014/02/09/us/snowden-used-low-cost-tool-to-best-nsa.html